sanitize output

EQdkpPlus · May 18, 2015 · 51b4933 · 51b4933
1 parent 49cc4bb
commit 51b4933
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/mmo_news_rss.class.php b/mmo_news_rss.class.php
@@ -249,7 +249,7 @@ private function createLink($title,$link,$disc,$author="",$date="",$crop_title=f
 		if ($crop_title){
 			$title =	$this->cropText($title,$this->titlecrop) ;
 		}
-		$ret = "<a href='".$link."' target='_blank' class='coretip' data-coretip='".$header.$content.$footer."'>".$title."</a>";
+		$ret = "<a href='".sanitize($link)."' target='_blank' class='coretip' data-coretip='".sanitize($header.$content.$footer)."'>".sanitize($title)."</a>";
 		return $ret ;
 	}
 
@@ -262,8 +262,8 @@ private function createLink($title,$link,$disc,$author="",$date="",$crop_title=f
 	 * @return String
 	 */
 	private function createBody($disc,$link,$author="",$date=""){
-		$content = '<a href="'.$link.'" target="_blank">'.$this->cropText($disc,280).'</a>';
-		$footer = $this->time->user_date(strtotime($date), true)." by <b>".$author."</b>";
+		$content = '<a href="'.sanitize($link).'" target="_blank">'.sanitize($this->cropText($disc,280)).'</a>';
+		$footer = $this->time->user_date(strtotime($date), true)." by <b>".sanitize($author)."</b>";
 		return $content.'<br />'.$footer;
 	}